We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
WinNT/Ispro
Detected by Microsoft Defender Antivirus
Aliases: No associated aliases
Summary
Windows Defender Antivirus detects and removes this threat.
WinNT/Ispro is a family of kernel-mode rootkit programs that targets PCs running certain versions of Microsoft Windows. This rootkit is often bundled with adware that has also infected the PC. The rootkit allows an attacker to prevent deletion or modification of certain files and registry keys on an infected PC.
Follow us
